[clug] iVote compromise

[Andrew Donnellan]

On 23 Mar 2015 20:16, "Robert Edwards" <bob at cs.anu.edu.au> wrote:
>
> Too late now, but I just returned from an excellent talk at ANU
> by Prof. J Alex Halderman ( https://jhalderm.com/ ) about online
> voting vulnerabilities, in which he discussed his latest compromise
> (along with Prof. Vanessa Teague) of the NSW iVote system:
> https://freedom-to-tinker.com/blog/teaguehalderman/ivote-vulnerability/
>
> Great stuff. Also discussed work he has done on the Estonia online
> system, built on Debian GNU/Linux! (YEAH! got a Linux ref. in there!)
>
> Also discussed various other open (and close) source voting systems.
>
> Anyone else on this list there? Alas, I am not sure if the ANUs brave
> new proprietry lecture recording system did the business for us. We'll
> see...

I was there - great talk, hopefully a recording emerges at some point.

If you're not familiar with Halderman's work I highly recommend reading his
e-voting related papers - the paper on the infamous DC pentest is
absolutely hilarious but he's also done a bunch of things with in-person
electronic voting machines which make a good read.

I think the single thing which stood out most for me was when he said (in
reference to the DC case) "the developer used the wrong kind of quotes
here... and because of that we stole all the ballots". It pretty much sums
up the incredibly difficult game that is computer security.

Now, if only someone would do a security audit on the ACT's voting
machines...

Andrew

>
> cheers,
>
> Bob Edwards.
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux